The Europol work programme until the end of the year 2016 reveals that the agency’s goals are to gradually expand its surveillance capacities, to facilitate cross-border access to data, and increase the use of biometrics.

The Universal Message Format UMF-3 project aims at facilitating increased cross-border exchange of law enforcement information. Part of this project are the Member States, Europol, Frontex, Interpol and EU-LISA (the European Agency for the operational management of Large-Scale IT Systems). The costs for the development of the system are estimated at around 1,6 million euro. This will also include the pilot project QUEST (Querying Europol Systems), which is a search web service that will allow the Member States to access Europol’s databases.

2. Pwning all the databases

Secondly, Europol states in its overview that it is “improving its technical capabilities to enable a systematic cross-matching of Schengen Information System (SIS II) alerts against Europol systems”.

Europol’s paper then goes on to criticise the “strict purpose limitation” when it comes to accessing data on the Visa Information System (VIS) and EURODAC system, which is the European fingerprint database for identifying asylum seekers. In the leaked document, the agency suggests to foresee the connection and increased use of these databases in the upcoming review of the VIS framework and in the negotiations of the EURODAC Regulation.

Netzpolitik.org explains that a paper by the German Interior Ministry published earlier in 2016 called for the creation of a European centralised system for the collection of personal data and fingerprints. Read in combination with Europol’s plans, this would mean the merging of VIS, EURODAC and SIS II. According the Ministry, other features could be added later, such as a link to collected air passenger data (Passenger Name Records, PNR).

3. Biometrics

Finally, Europol calls for the increased collection, access and use of biometrics and makes the case that the planned legal revision of the SIS framework should facilitate the cross-matching of biographic and biometric data against Europol systems.

Moreover, Europol wants to become an “information sharing partner in the Prüm framework”. The Prüm Convention, agreed in 2005 between France, Germany, Luxembourg, the Netherlands and Spain, enables the signatories to exchange data regarding DNA, fingerprints and vehicle registration. The leaked document explains that “Europol will prepare a business case to help explore the possibility to become an information exchange partner in the Prüm framework.” Such access would enable the agency to work with the Member States to “cross-check data”.

According to a recent statement from the EU Commission, the proposal for a regulation establishing an Entry Exit System might update existing databases to enable “the use of facial recognition software in combination with fingerprint recognition software to enable multi-modal biometric matching”.

As the leaked document is merely an implementation of the “Roadmap on information exchange and interoperability”, Europol’s plans are not very surprising. However, it illustrates well how Europol’s surveillance capacities are continuously expanded – while, as previously reported in the EDRi-gram, oversight of the agency’s activities is almost completely lacking.